ISO/IEC 17029

Conformity assessment —
General principles and requirements for
validation and verification bodies
Validation/verification
as conformity assessment
Validation/verification as conformity assessment

CASCO Toolbox:
Requirements for accreditation bodies
ISO/IEC 17011 (2017)

Requirements for certification bodies

Requirements Requirements Requirements
for for for

testing inspection validation

and bodies and Management Products Persons
calibration verification systems
laboratories bodies
ISO/IEC17021-1 ISO/IEC 17065 ISO/IEC 17024
ISO/IEC 17025 ISO/IEC 17020 ISO/IEC 17029 (2015) (2012) (2012)
(2017) (2012) (2019)
Validation/verification as conformity assessment

Functional approach:
 Selection – pre-engagement, engagement and planning
activities
 Determination – validation/verification execution activities,
including evidence-gathering activities
 Review
 Decision
 Attestation – issue of the validation/verification statement
 Surveillance – not applicable
Validation/verification as conformity assessment

Object of conformity assessment:

information declared by the client (claim, report, statement,
assertion, declaration, prediction, project plan, consolidated data…)

Validation/verification:
confirmation of a claim (information declared by the client )
through the provision of objective evidence
Validation/verification as conformity assessment

Differentiation from other CASCO tools:

- not resulting in a characterisation (testing)

- not providing examination (inspection)

- not providing an attestation of conformity for a defined period

(certification)
Validation/verification as conformity assessment

Characterisation with regards to other CASCO tools:

 The claim can represent a situation at a point in time or could

cover a period of time.
 The validation/verification outcome reflects only the situation at
the point in time it is issued as validation/verification
statement.
 Review and decision shall be made by personnel different from
those who carried out the validation/verification execution.
Validation/verification as conformity assessment

Differentiation from each other:

 validation – confirmation of a claim through the provision of
objective evidence, that the requirements for a specific intended
future use or application have been fulfilled (confirmation of
plausibility)
occurrence of
what is claimed

claim
Validation/verification as conformity assessment

Differentiation from each other:

 verification – confirmation of a claim through the provision of
objective evidence, that specified requirements have been
fulfilled (confirmation of truthfulness)
occurrence of
what is claimed

claim
ISO/IEC 17029 as CASCO tool

Exclusions from application as CASCO tool:

 Statements of conformity themselves, issued as result of
another conformity assessment activity according to the series
ISO/IEC 17000, e.g. supplier’s declaration of conformity
regarding product specifications (according to ISO/IEC 17050),
certificates (according to ISO/IEC 17021-1, 17024 or 17065),
design examination and verification in the context of inspection
(according to ISO/IEC 17020)
 Validation/verification activities as steps within the process of
another conformity assessment activity according to the series
ISO/IEC 17000, e.g. testing, inspection or certification
ISO/IEC 17029 as CASCO tool

Application:
 Application to validation/verification bodies in any sector, in
conjunction with sector specific programmes (schemes) that
contain requirements for validation/verification processes and
procedures
 Validation/verification bodies can provide validation/verification as
first party, second party as well as third party activity.
 Bodies can be validation bodies only, verification bodies only, or
provide both activities.
ISO/IEC 17029 as CASCO tool

Application as CASCO tool:

 General principles and requirements for the competence,
consistent operation and impartiality of bodies performing
validation/verification as conformity assessment activities
 Basis for recognition,
e.g. accreditation by accreditation bodies, peer assessment
within peer assessment groups, or other forms of recognition by
international or regional organizations, governments, regulatory
authorities, programme owners, industry bodies, companies,
clients or consumers
Structure
ISO/IEC 17029 – Structure

 Individual requirements indicated, where applicable

- for validation / verification
- for 1st / 2nd / 3rd party

 Common structure (QS-CAS-PROC-01)

 Common elements (QS-CAS-PROC-33)

- revised version 2019 (CIB 2 implemented, some deviations between
ISO/IEC 17029 and final version of the PAS due to timing)
ISO/IEC 17029 – Structure

 Introduction

 Clause 1 – Scope
 Clause 2 – Normative references
 Clause 3 – Terms and definitions
 Clause 4 – Principles
ISO/IEC 17029 – Structure

 Clause 5 – General requirements

 Clause 6 – Structural requirements
 Clause 7 – Resource requirements
 Clause 8 – Validation/verification programmes
 Clause 9 – Process requirements
 Clause 10 – Information requirements
 Clause 11 – Management system requirements
ISO/IEC 17029 – Structure

 Annex A (informative) – Validation/verification programmes

 Annex B (informative) – Terminology and concepts in relation to

generic CASCO terms and concepts

 Annex C (informative) – Illustrations

Scope
ISO/IEC 17029 – Scope

This document contains general principles and requirements for the

competence, consistent operation and impartiality of bodies
performing validation/verification as conformity assessment
activities.
This document can be used as a basis for accreditation by
accreditation bodies, peer assessment within peer assessment
groups, or other forms of recognition of validation/verification
bodies by international or regional organizations, governments,
regulatory authorities, programme owners, industry bodies,
companies, clients or consumers.
Key terms & definitions
ISO/IEC 17029 – Terms and definitions

claim
information declared by the client
 object of conformity assessment
 representing a situation at a point in time or covering a period of
time
 clearly identifiable and capable of consistent evaluation or
measurement against specified requirements by a
validation/verification body
 synonyms (report, statement, declaration, project plan, data...)
ISO/IEC 17029 – Terms and definitions

client
organization or person requesting validation/verification

validation statement / verification statement

declaration by the validation/verification body of the outcome of the
validation/verification process
 statement of conformity, reflecting situation at time of issue
 confirming or not confirming the claim, with or without comments
 synonyms (decision, opinion, report…)
ISO/IEC 17029 – Terms and definitions

validation
confirmation of a claim, through the provision of objective evidence,
that the requirements for a specific intended future use or
application have been fulfilled
 conformity assessment activity
 confirmation of plausibility
ISO/IEC 17029 – Terms and definitions

verification
confirmation of a claim, through the provision of objective evidence,
that specified requirements have been fulfilled
 conformity assessment activity
 confirmation of truthfulness

validation body / verification body

body that performs validation/verification
 conformity assessment body, organization or part of an
organization
ISO/IEC 17029 – Terms and definitions

validation programme / verification programme

rules, procedures and management for carrying out
validation/verification activities in a specific sector
 conformity assessment scheme
 international, regional, national, sub-national, sector-specific

programme owner
person or organization responsible for developing and maintaining a
specific validation/verification programme
ISO/IEC 17029 – Terms and definitions

scope of validation/verification
identification of:
- the claim to be the object of validation or verification, including
the boundaries of the claim
- the applicable validation/verification programme
- the standards and other normative documents, including their
date of publication, to which the claim is validated/verified
ISO/IEC 17029 – Terms and definitions

consultancy
participation in establishing the claim that will be the object of
validation/verification
 activities of validation/verification bodies, their personnel and
organizations related or linked to the validation/verification bodies
 involvement in design of the object leading to the claim or
providing object specific expertise that supports the preparation
of the claim
 generic information (e.g. during training) is not considered
consultancy, provided that no client specific solutions are given
ISO/IEC 17029 – Terms and definitions

level of assurance
degree of confidence in the claim
 according to the programme (e.g. absolute, reasonable, limited)

material
significant to intended users
 influence on the reliability of the claim or decisions made by
intended user
 qualitative or quantitative
Principles
ISO/IEC 17029 – Principles

 General (4.1)

 Principles for the validation/verification process (4.2)

- evidence-based approach to decision making
- documentation
- fair representation
ISO/IEC 17029 – Principles

 Principles for validation/verification bodies (4.3)

- impartiality
- competence
- confidentiality
- openness
- responsibility
- responsiveness to complaints
- risk-based approach
Key requirements
CASCO Common elements

Clauses in ISO/IEC 17029 with mandatory text of CASCO Common elements:

 Impartiality – 5.3.1, 5.3.2, 5.3.3, 5.3.4, 5.3.5, 6.1.2, 7.2.4

 Confidentiality – 7.2.6, 10.4.1, 10.4.2, 10.4.3, 10.4.4
 Appeals – 9.9.1, 9.9.2, 9.9.3, 9.9.4, 9.9.5, 9.9.6, 9.9.7, 9.9.8
 Complaints – 9.10.1, 9.10.2, 9.10.3, 9.10.4, 9.10.5, 9.10.6, 9.10.7, 9.10.8
 Competence – 7.2.1, 7.3.1, 7.3.3
 Management system – 11.1.1, 11.1.2, 11.1.3
ISO/IEC 17029 – Impartiality

 Review and decision shall not be made by personnel who

carried out the validation/verification execution (5.3.7)
 When providing both, validation and verification, to the same
client the validation/verification body shall consider and manage
the potential threat to impartiality, e.g. self-review and familiarity
(5.3.8)
 Optional consultation with committee of interested parties
(5.3.3)
 Consultancy and validation/verification shall not be offered for
the same claim from the same client (5.3.9)
ISO/IEC 17029 – External resources

 Minimum requirements for outsourcing are (7.4):

- full responsibility of validation/verification bodies
- engagement and decision not to be outsourced
- legally enforceable agreement
- conformity of outsourced activities with ISO/IEC 17029
- consent from client obtained
 Engagement of individually contracted persons or individuals
acting under the MS to provide additional resources is not
considered outsourcing
ISO/IEC 17029 – Programmes

 Application of at least one programme is required, consistent

with ISO/IEC 17029 and not exclude any of the requirements (8)
 Set of rules, procedures and management for carrying out
validation/verification activities in a specific sector or field, specify
the scope of validation/verification, competence criteria,
process steps, evidence gathering activities, reporting.
 Programme owner can be validation/verification bodies
themselves, governmental authorities, trade associations, groups
of validation bodies/verification bodies, external programme
owners or others
ISO/IEC 17029 – Process

Pre-engagement
Engagement Selection
Planning
Validation/verification execution,
Determination
including evidence gathering
Review Review
Decision Decision
Issue of validation/verification statement Attestation
ISO/IEC 17029 – Process - Facts discovered
after issue of the validation/verification
statement
Facts discovered after issue of the validation/verification
statement
Handling of appeals
Handling of complaints
Records
ISO/IEC 17029 – Management system

 Validation/verification bodies shall establish, document,

implement and maintain a management system, e.g. according
to ISO 9001, to support the requirements of ISO/IEC 17029 (11.1)
 Management review (11.2)
 Internal audits (11.3)
 Corrective actions (11.4)
 Actions to address risks and opportunities (11.5)
 Documented information (11.6)
Terms & concepts defined by ISO/IEC 17029
Generic terms and concepts defined by ISO/IEC Terms and concepts defined by this document
17000

Object of conformity assessment Claim

Conformity assessment body Validation/Verification body

Conformity assessment scheme Validation/Verification programme

Conformity assessment programme
Statement of conformity Validation/Verification statement

Selection function of conformity assessment Pre-engagement, engagement and planning

activities activities

Determination function of conformity Validation/verification execution activities,

assessment activities including evidence-gathering activities

Review function of conformity assessment Review

activities

Decision function of conformity assessment Decision

activities

Attestation function of conformity assessment Issue of the validation/verification statement

activities

Surveillance function of conformity assessment Not applicable

activities